aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authormat <mat@FreeBSD.org>2015-12-22 00:02:55 +0800
committermat <mat@FreeBSD.org>2015-12-22 00:02:55 +0800
commitfe43bf994c38afde526eee881d761e002c9a0e5c (patch)
tree18677fbec3761361adbf6246a0a9cd509847570a /security
parent5fe7af36f095e615f030bbd10041d5197d4871f9 (diff)
downloadfreebsd-ports-gnome-fe43bf994c38afde526eee881d761e002c9a0e5c.tar.gz
freebsd-ports-gnome-fe43bf994c38afde526eee881d761e002c9a0e5c.tar.zst
freebsd-ports-gnome-fe43bf994c38afde526eee881d761e002c9a0e5c.zip
Fix build as a user.
While there, merge do-install and post-install, and use an option target helper. Sponsored by: Absolight
Diffstat (limited to 'security')
-rw-r--r--security/ossec-hids-server/Makefile5
-rw-r--r--security/ossec-hids-server/files/patch-src__InstallAgent.sh110
-rw-r--r--security/ossec-hids-server/files/patch-src__InstallServer.sh102
3 files changed, 160 insertions, 57 deletions
diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile
index e9aa5dfe4e71..1be5be9866ea 100644
--- a/security/ossec-hids-server/Makefile
+++ b/security/ossec-hids-server/Makefile
@@ -101,8 +101,6 @@ do-install:
.else
@cd ${WRKSRC}/src; ${MAKE} server
.endif
-
-post-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/${PORTNAME}/etc
.for file in ${STRIP_FILES}
${STRIP_CMD} ${STAGEDIR}${PREFIX}/ossec-hids/bin/${file}
@@ -116,9 +114,8 @@ post-install:
${CP} ${WRKSRC}/etc/ossec-server.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
.endif
-.if ${PORT_OPTIONS:MDOCS}
+post-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
@cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
-.endif
.include <bsd.port.post.mk>
diff --git a/security/ossec-hids-server/files/patch-src__InstallAgent.sh b/security/ossec-hids-server/files/patch-src__InstallAgent.sh
index 93ce504f97fe..171900723779 100644
--- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh
+++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh
@@ -1,6 +1,6 @@
---- ./src/InstallAgent.sh.orig 2014-07-13 15:25:05.161395378 -0600
-+++ ./src/InstallAgent.sh 2014-07-13 15:25:35.972393742 -0600
-@@ -37,11 +37,11 @@
+--- src/InstallAgent.sh.orig 2015-06-10 15:38:32 UTC
++++ src/InstallAgent.sh
+@@ -37,11 +37,11 @@ fi
# Creating groups/users
if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
@@ -17,3 +17,107 @@
elif [ "$UNAME" = "SunOS" ]; then
grep "^${USER}" /etc/passwd > /dev/null 2>&1
+@@ -106,22 +106,17 @@ for i in ${subdirs}; do
+ done
+
+ # Default for all directories
+-chmod -R 550 ${DIR}
+-chown -R root:${GROUP} ${DIR}
++chmod -R 750 ${DIR}
+
+ # To the ossec queue (default for agentd to read)
+-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+ chmod -R 770 ${DIR}/queue/ossec
+
+ # For the logging user
+-chown -R ${USER}:${GROUP} ${DIR}/logs
+ chmod -R 750 ${DIR}/logs
+ chmod -R 775 ${DIR}/queue/rids
+ touch ${DIR}/logs/ossec.log
+-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+ chmod 664 ${DIR}/logs/ossec.log
+
+-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+ chmod -R 750 ${DIR}/queue/diff
+ chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
+
+@@ -129,8 +124,7 @@ chmod 740 ${DIR}/queue/diff/* > /dev/nul
+
+
+ # For the etc dir
+-chmod 550 ${DIR}/etc
+-chown -R root:${GROUP} ${DIR}/etc
++chmod 750 ${DIR}/etc
+
+ ls /etc/localtime > /dev/null 2>&1
+ if [ $? = 0 ]; then
+@@ -142,13 +136,11 @@ if [ "$UNAME" = "SunOS" ]; then
+ mkdir -p ${DIR}/usr/share/lib/zoneinfo/
+ chmod -R 555 ${DIR}/usr/
+ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
+- chown -R root:${GROUP} ${DIR}/usr/
+ fi
+
+ ls /etc/TIMEZONE > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ cp -p /etc/TIMEZONE ${DIR}/etc/;
+- chown root:${GROUP} ${DIR}/etc/TIMEZONE
+ chmod 555 ${DIR}/etc/TIMEZONE
+ fi
+
+@@ -168,25 +160,17 @@ cp -pr ../etc/local_internal_options.con
+ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
+ cp -pr agentlessd/scripts/* ${DIR}/agentless/
+
+-chown root:${GROUP} ${DIR}/etc/internal_options.conf
+-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/agentless/*
+-chown ${USER}:${GROUP} ${DIR}/.ssh
+-chown -R root:${GROUP} ${DIR}/etc/shared
+-
+-chmod 550 ${DIR}/etc
++chmod 750 ${DIR}/etc
+ chmod 440 ${DIR}/etc/internal_options.conf
+ chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+ chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
+ chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
+-chmod 550 ${DIR}/agentless/*
++chmod 750 ${DIR}/agentless/*
+ chmod 700 ${DIR}/.ssh
+
+
+ # For the /var/run
+ chmod 770 ${DIR}/var/run
+-chown root:${GROUP} ${DIR}/var/run
+
+
+ # Moving the binary files
+@@ -200,7 +184,6 @@ cp -pr addagent/manage_agents ${DIR}/bin
+ cp -pr ../contrib/util.sh ${DIR}/bin/
+ cp -pr external/lua/src/ossec-lua ${DIR}/bin/
+ cp -pr external/lua/src/ossec-luac ${DIR}/bin/
+-chown root:${GROUP} ${DIR}/bin/util.sh
+ chmod +x ${DIR}/bin/util.sh
+
+ # Copying active response modules
+@@ -208,10 +191,8 @@ sh ./init/fw-check.sh execute > /dev/nul
+ cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
+ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
+ chmod 755 ${DIR}/active-response/bin/*
+-chown root:${GROUP} ${DIR}/active-response/bin/*
+
+-chown root:${GROUP} ${DIR}/bin/*
+-chmod 550 ${DIR}/bin/*
++chmod 750 ${DIR}/bin/*
+
+
+ # Moving the config file
+@@ -227,7 +208,6 @@ if [ $? = 0 ]; then
+ else
+ cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
+ fi
+-chown root:${GROUP} ${DIR}/etc/ossec.conf
+ chmod 440 ${DIR}/etc/ossec.conf
+
+
diff --git a/security/ossec-hids-server/files/patch-src__InstallServer.sh b/security/ossec-hids-server/files/patch-src__InstallServer.sh
index 83ee92787b5d..860546201835 100644
--- a/security/ossec-hids-server/files/patch-src__InstallServer.sh
+++ b/security/ossec-hids-server/files/patch-src__InstallServer.sh
@@ -1,6 +1,6 @@
---- ./src/InstallServer.sh.orig 2014-05-22 07:10:57.000000000 -0600
-+++ ./src/InstallServer.sh 2014-07-13 15:24:45.552390120 -0600
-@@ -44,13 +44,13 @@
+--- src/InstallServer.sh.orig 2015-06-10 15:38:32 UTC
++++ src/InstallServer.sh
+@@ -44,13 +44,13 @@ fi
# Creating groups/users
if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
@@ -21,85 +21,73 @@
elif [ "$UNAME" = "SunOS" ]; then
grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
-@@ -123,61 +123,61 @@
+@@ -121,63 +121,47 @@ for i in ${subdirs}; do
+ done
+
# Default for all directories
- chmod 550 ${DIR}
- chmod 550 ${DIR}/*
+-chmod 550 ${DIR}
+-chmod 550 ${DIR}/*
-chown root:${GROUP} ${DIR}
-chown root:${GROUP} ${DIR}/*
-+#chown root:${GROUP} ${DIR}
-+#chown root:${GROUP} ${DIR}/*
++chmod 750 ${DIR}
++chmod 750 ${DIR}/*
# AnalysisD needs to write to alerts: log, mail and cmds
-chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
chmod -R 770 ${DIR}/queue/alerts
# To the ossec queue (default for analysisd to read)
-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
chmod -R 770 ${DIR}/queue/ossec
# To the ossec fts queue
-chown -R ${USER}:${GROUP} ${DIR}/queue/fts
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/fts
chmod -R 750 ${DIR}/queue/fts
chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
# To the ossec syscheck/rootcheck queue
-chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
chmod -R 750 ${DIR}/queue/syscheck
chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1
-chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
chmod -R 750 ${DIR}/queue/rootcheck
chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
-chown ${USER}:${GROUP} ${DIR}/queue/diff
-chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
-+#chown ${USER}:${GROUP} ${DIR}/queue/diff
-+#chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
chmod 750 ${DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
-chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
-+#chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
chmod -R 750 ${DIR}/queue/agent-info
chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
-chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
-+#chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
chmod -R 750 ${DIR}/queue/rids
chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
-chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
-+#chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
chmod -R 750 ${DIR}/queue/agentless
chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
# For the stats directory
-chown -R ${USER}:${GROUP} ${DIR}/stats
-+#chown -R ${USER}:${GROUP} ${DIR}/stats
chmod -R 750 ${DIR}/stats
# For the logging user
-chown -R ${USER}:${GROUP} ${DIR}/logs
-+#chown -R ${USER}:${GROUP} ${DIR}/logs
chmod -R 750 ${DIR}/logs
touch ${DIR}/logs/ossec.log
-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
-+#chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
chmod 660 ${DIR}/logs/ossec.log
touch ${DIR}/logs/active-responses.log
-chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
-+#chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
chmod 660 ${DIR}/logs/active-responses.log
# For the rules directory
-@@ -195,7 +195,7 @@
+@@ -195,7 +179,7 @@ if [ $? = 0 ]; then
fi
fi
@@ -108,47 +96,57 @@
find ${DIR}/rules/ -type f -exec chmod 440 {} \;
# If the local_rules is saved, moved it back
-@@ -204,18 +204,18 @@
+@@ -204,37 +188,33 @@ if [ $? = 0 ]; then
mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
fi
-chown -R root:${GROUP} ${DIR}/rules
-+#chown -R root:${GROUP} ${DIR}/rules
- chmod -R 550 ${DIR}/rules
+-chmod -R 550 ${DIR}/rules
++chmod -R 750 ${DIR}/rules
# For the etc dir
- chmod 550 ${DIR}/etc
+-chmod 550 ${DIR}/etc
-chown -R root:${GROUP} ${DIR}/etc
-+#chown -R root:${GROUP} ${DIR}/etc
++chmod 750 ${DIR}/etc
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
cp -pL /etc/localtime ${DIR}/etc/;
chmod 440 ${DIR}/etc/localtime
- chown root:${GROUP} ${DIR}/etc/localtime
-+ #chown root:${GROUP} ${DIR}/etc/localtime
fi
# Solaris Needs some extra files
-@@ -234,7 +234,7 @@
+ if [ "$UNAME" = "SunOS" ]; then
+ mkdir -p ${DIR}/usr/share/lib/zoneinfo/
+- chmod -R 550 ${DIR}/usr/
++ chmod -R 750 ${DIR}/usr/
+ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
+ fi
+
+ ls /etc/TIMEZONE > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ cp -p /etc/TIMEZONE ${DIR}/etc/;
+- chmod 550 ${DIR}/etc/TIMEZONE
++ chmod 750 ${DIR}/etc/TIMEZONE
+ fi
+
# For the /var/run
chmod 770 ${DIR}/var/run
-chown root:${GROUP} ${DIR}/var/run
-+#chown root:${GROUP} ${DIR}/var/run
# Moving the binary files
cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
-@@ -257,7 +257,7 @@
+@@ -257,7 +237,6 @@ cp -pr util/rootcheck_control ${DIR}/bin
cp -pr external/lua/src/ossec-lua ${DIR}/bin/
cp -pr external/lua/src/ossec-luac ${DIR}/bin/
cp -pr ../contrib/util.sh ${DIR}/bin/
-chown root:${GROUP} ${DIR}/bin/util.sh
-+#chown root:${GROUP} ${DIR}/bin/util.sh
chmod +x ${DIR}/bin/util.sh
# Local install chosen
-@@ -287,14 +287,14 @@
+@@ -287,23 +266,15 @@ fi
cp -pr ../etc/internal_options.conf ${DIR}/etc/
cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
@@ -160,30 +158,35 @@
-chown root:${GROUP} ${DIR}/etc/shared/*
-chown root:${GROUP} ${DIR}/agentless/*
-chown ${USER}:${GROUP} ${DIR}/.ssh
-+#chown root:${GROUP} ${DIR}/etc/decoder.xml
-+#chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
-+#chown root:${GROUP} ${DIR}/etc/internal_options.conf
-+#chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
-+#chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1
-+#chown root:${GROUP} ${DIR}/etc/shared/*
-+#chown root:${GROUP} ${DIR}/agentless/*
-+#chown ${USER}:${GROUP} ${DIR}/.ssh
chmod 440 ${DIR}/etc/decoder.xml
chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
chmod 440 ${DIR}/etc/internal_options.conf
-@@ -314,9 +314,9 @@
+ chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
+ chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1
+-chmod 550 ${DIR}/etc
++chmod 750 ${DIR}/etc
+ chmod 770 ${DIR}/etc/shared
+ chmod 440 ${DIR}/etc/shared/*
+-chmod 550 ${DIR}/agentless/*
++chmod 750 ${DIR}/agentless/*
+ rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
+ chmod 700 ${DIR}/.ssh
+
+@@ -313,11 +284,9 @@ sh ./init/fw-check.sh execute > /dev/nul
+ cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
- chmod 550 ${DIR}/active-response/bin/*
+-chmod 550 ${DIR}/active-response/bin/*
-chown root:${GROUP} ${DIR}/active-response/bin/*
-+#chown root:${GROUP} ${DIR}/active-response/bin/*
++chmod 750 ${DIR}/active-response/bin/*
-chown root:${GROUP} ${DIR}/bin/*
-+#chown root:${GROUP} ${DIR}/bin/*
- chmod 550 ${DIR}/bin/*
+-chmod 550 ${DIR}/bin/*
++chmod 750 ${DIR}/bin/*
-@@ -328,12 +328,12 @@
+ # Moving the config file
+@@ -328,12 +297,11 @@ fi
ls ../etc/ossec.mc > /dev/null 2>&1
if [ $? = 0 ]; then
@@ -195,8 +198,7 @@
fi
-chown root:${GROUP} ${DIR}/etc/ossec.conf
-chmod 440 ${DIR}/etc/ossec.conf
-+#chown root:${GROUP} ${DIR}/etc/ossec.conf.sample
-+chmod 440 ${DIR}/etc/ossec.conf.sample
++chmod 640 ${DIR}/etc/ossec.conf.sample